Unpatched Internet Explorer exploit hits the Web

Israeli security researcher Moshe Ben Abu has published the exploit code of an unpatched Internet Explorer security hole. With the help of a McAfee blog post, Abu pinpointed the vulnerability in about 10 minutes. Microsoft warned on Tuesday that the bug could allow an attacker to take control of a computer, and advised users of IE 6 and 7 to install version 8 as soon as possible.

CNET asked Abu how dangerous the vulnerability is, and his response was in line with Microsoft's recommendation of updating to IE8. Abu also noted that the exploit is quite unstable, with about 60% to 70% success rate, and confirmed that it is critical to older builds of IE. Microsoft provided additional workarounds in its advisory for users who can't upgrade to the latest browser version.

Although information in McAfee's sped up the process, Abu said he would have found the vulnerability anyway. McAfee said the post in question did not contain enough information to directly lead anyone to the hole, but the firm's future blog posts will undergo "additional sanitization" to avoid giving exploit writers a starting point when hunting for exploit code.